| Summary: | StatelessFile bound checks does not work on 64 bit | ||
|---|---|---|---|
| Product: | frysk | Reporter: | Phil Muldoon <pmuldoon> |
| Component: | general | Assignee: | Chris Moller <cmoller> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | cmoller |
| Priority: | P2 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
| Bug Depends on: | |||
| Bug Blocks: | 1595, 2243 | ||
Removed verifyBounds()in StatelessFile.java, replaced it with an upper-bound check, and comitted it. (Nominally negative signed start and length numbers interpreted as large unsigned numbers will exceed bytes->length and cause a bounds exception. A nominally negative signed fileOffset number interpreted as a large unsigned value will /probably/ result in a read error and a throwErrno().) Patched worked. |
The below code won't work as java longs are signed, so values in the upper address range will be represented as negative decimal numbers for the purposes of the < 0 decimal comparisons. So a read at 0xffffffffff600000 will fail as when rendered to a singed long it will be a negative decimal value in the comparison and the <0 test will fail. static void verifyBounds (jlong fileOffset, jbyteArray bytes, jlong start, jlong length) { // XXX: 64-bit? if (fileOffset < 0) throw new java::lang::ArrayIndexOutOfBoundsException (); if (start < 0) throw new java::lang::ArrayIndexOutOfBoundsException (); if (length < 0) throw new java::lang::ArrayIndexOutOfBoundsException (); if (start + length > bytes->length) throw new java::lang::ArrayIndexOutOfBoundsException (); }